27
CHAPTER II LITERATURE REVIEW AND FRAME OF THINKING
In this chapter the literature is reviewed according to Standard of COBIT which refers to as business requirements for information. This chapter covers the management, Concept of managements, information system, components of information systems, information technology resources, management information system, MIS Definition, Information Systems Audit, Definition of Audit system, types of Audit, Definition of COBIT Framework, COBIT Maturity Model, Frame of thinking and Benefits of Audit for Pasundan University.
2.1 Management
According to V.S. Bagad, (2009:2) management is defined as the process of planning, organizing, staffing and controlling the efforts of the members of organization to achieve goals or objectives of the organization.
According to V.S. Bagad, (2009:3), Management process is a joint effort of man, money and material resources to achieve the goals, Management process requires decision making at various conflicting states such as human conflict, conflicts of goals, conflicts of alternatives, resources, time, methods etc. a manager uses variety of tools and techniques to resolve the conflicts. In order to function an organization effectively and to resolve the problems the organization must be treated as a system i.e. all the principles and rules of system must be applicable to the organization.
Important principles of system theory are summarized as follow:
1. A system consists of few important parts.
2. A system can be either open (interacting with environment) or closed (not interacting with environment).
3. A system works under boundary.
4. A system tries to achieve steady state condition.
For implementing MIS, Systems approach to management is most efficient. There are also other approaches given by eminent engineers and scholars.
2.1.1 Concept of Managements
Gaudencio V. Aquino, (2000:7) stated that, the concept of management has broadened in scope with the introduction of new perspectives by different fields of study. He adds that the study of management has evolved into more than the use of means to accomplish given ends; today it includes moral and ethical questions concerning the selection of the right ends toward which managers should strive.
Massie cited Harbison and Myers’ (1997, 3-4) classic three-fold concept for emphasizing a broader scope for the view-point of management. These authors observe management as (1) an economic resource, (2) a system of authority, and (3) a class or elite.
1. As viewed by the economist, management is one of the factors of production together with land, labor, and capital. As the industrialization of a nation increases, the need for management becomes greater as it is substituted for capital and labor. The managerial resources of a form determine, in large measure, productivity and profitability. In those industries experiencing innovations, management must be used more intensively. Executive development therefore is more important for those firms in a dynamic industry in which progress is rapid Gaudencio V. Aquino, (2000:7)
2. As viewed by a specialist in administration and organization, management is a system of authority. Historically, management first development an authoritarian philosophy with a small number of top individuals determining all actions of the rank and file. Later, humanitarian concepts caused some management to develop paternalistic approaches. Still later, constitutional management emerged, characterized by a concern for definite and consistent policies and procedures for dealing with the working group. As more employees received higher education, the trend of management was toward a democratic and participative approach. Modern management can be viewed as a synthesis of these four approaches to authority. Gaudencio V. Aquino, (2000:7)
3. As viewed by a sociologist, management is a class and status system. The increase in the complexity of relationships in modern society demands that managers become an elite of brains and education. Entrance into this class in based more and more on education and knowledge instead of on family or political connections. A broad view of management requires that the student consider this larger perspective of the place of management in society. Gaudencio V. Aquino, (2000:7)
Many chief executives and educators, Massie continues, contend that the most important perspective of top executives should be based on a “liberally educated outlook in life.” The total concept of management requires an understanding of the meaning of liberal education and its relationship to management functions. A liberal point of view is not merely the sum of a finite number of narrow approaches. Its emphasis is on freedom to choose from the widest range of possibilities by discovering new possibilities, and by recalling possibilities previously developed but forgotten. The liberally-oriented executive continues to expand his horizons with utmost freedom in an effort to strive towards an ultimate in life.
Massie concludes by saying that because management must be concerned with ends as well as means, it is clear that it must maintain a broad perspective, unfettered by specialized restrictions. The paradox of management is that it is based on identifiable and rigorous frameworks of concepts, but at the same time it continues to strive toward breaking out o any set discipline.
2.2 Information System
Shelly, Cashman and Vermaat (1999:6), Aninformation systemis a collection of hardware, software, data, people and procedures that are designed to generate information that supports the day-to-day, short-range, and long-range activities of users in an organization.Information systems generally are classified into five categories:office information systems, transaction processing systems, management information systems, decision support systems, and expert systems.The following sections present each of these information systems.
2.2.1 Components of information system
According to Martin, E.W, (2002):
Five Components of an Information System:
• People Resources
– End users: the people who use the IS or the information from the IS
– IS specialists: the people who develop and operate IS
• Hardware Resources
– All physical devices used in information processing
– Machines, data media, peripherals
• Software Resources
– All information processing instructions including programs and procedures
– System software, application software and procedures
• Data Resources
– Facts about the business transactions
– Processed and organized information
– Databases of organized data
• Network Resources
– Communications media
– Network infrastructure: hardware and software
– The Internet, intranets and extranets
2.2.2 Data versus Information
According to Martin, E.W, (2002):
– Data are raw facts about physical phenomena or business transactions
– Information is data that has been converted into meaningful and useful context for end users.
Example:
– Sales data is names, quantities and dollar amounts
– Sales information is amount of sales by product type, sales territory or salesperson.
2.2.3 Information Technology Resources (IT RESOURCES)
According to ITGI, (2007:16) The IT resources identified in COBIT can be defined as follows:
a. Applications are the automated user systems and manual procedures that process the information.
b. Information is the data, in all their forms, input, processed and output by the information systems in whatever form is used by the business.
c. Infrastructure is the technology and facilities (i.e., hardware, operating systems, database management systems, networking, multimedia, and the environment that houses and supports them) that enable the processing of the applications.
d. People are the personnel required to plan, organize, acquire, implement, deliver, support, monitor and evaluate the information systems and services. They may be internal, outsourced or contracted as required.
The above criteria is aimed to evaluate the extent to which information technology resources can meet the needs of an organization of any information
2.2.4 Information Systems Research Methodologies
According to Myers [9] Qualitative research approach is one of main categories among the other research approaches. For the development of Maturity level model from the survey results, this methodology is used.
2.2.4.1 Qualitative Research
Qualitative data obtained from such as interviews, documents and observations are used for qualitative research. Qualitative research includes case studies and action researches. Myers, (1997:21) states that qualitative research methods are designed to help researchers understand people and the social and cultural contexts within which they live. Kaplan and Maxwell (as cited in Myers (1997) argue that in case of the quantified data, the participant’s view representing the social and institutional context is mostly lost. Since the qualitative data obtains the snapshot data, the main point in qualitative research is that the situation that is to be examined will need to have happened or to happen during the action of noticing. Myers, (1997) says that qualitative research can be positivist, interpretive, or critical. These three philosophical perspectives are described in Table 2.1
Four qualitative research methods used in information systems: action research, case study research, ethnography and grounded theory. These research methods are described in Table 2.2
Acase study(also known as acase report) is an intensive analysis of an individual unit (e.g., a person, group, or event) stressing developmental factors in relation to context. The case study is common insocial sciencesandlife sciences. Case studies may be descriptive or explanatory. The latter type is used to explore causation in order to find underlying principles. Sheppard, Jon; Robert W. Greene (2003:22), they may beprospective(in which criteria are established and cases fitting the criteria are included as they become available) orretrospective(in which criteria are established for selecting cases from historical records for inclusion in the study). (Wikipedia, 2013),
Thomas (2011:17)offers the following definition of case study: "Case studies are analyses of persons, events, decisions, periods, projects, policies, institutions, or other systems that are studied holistically by one or more methods. The case that is thesubjectof the inquiry will be an instance of a class of phenomena that provides an analytical frame — anobject— within which the study is conducted and which the case illuminates and explicates." (Wikipedia, 2013).
Table 2.1.Qualitative Research Philosophical Perspectives
Philosophical Perspective / DescriptionPositivist / The researcher gives the reality objectively and quantifiable measures of variables. According to Orlikowski and Baroudi (1991) a positivist IS research has hypothesis testing and the drawing of inferences about a phenomenon from the sample to a stated population.
Interpretive / People assign meanings to occurrences.
Critical / According to Comstock (1982), in critical perspective, the constraints in the current actions and shape of the understanding are developed historically.
Source: Myers, M. D. (1997).
Organizations are complex systems. Some parts of them cannot be broken into measurable variables although it is indicated that unless it can be measured, it cannot be improved. As a result of these, Case Study was chosen as research to measure maturity level in this thesis.
Table 2.2 Qualitative Research Methods
Research Method / DescriptionAction research / In a cyclical process, a link between the theory and practice is created and by using data feedback, changes in the processes occur for practical problem solving and expanding the scientific knowledge.
Case study research / If the context boundary is not clear, case study research helps to investigate phenomenon in real-life context.
Ethnography / Ethnographic research deals with social and cultural occurrences.
Grounded theory / Grounded theory is an ethnographic approach where the knowledge is taken out from the grounded data, meaning the theory is generated from observations. The explanation, properties and the relationship between the categories as a consequence of the theory.
Source: Myers, M. D. (1997).
2.4 Management Information System
According to Anderson, David L. (2000:6), the first step in learning how to apply information technology to solve problems is to get a broader picture of what is meant by the term management information system. You probably have some experience with using computers and various software packages. Yet, computers are only one component of a management information system. A management information system (MIS) or computer information system (CIS) consists of five related components: hardware, software, people, procedures, and collections of data. The term information technology (IT) represents the various types of hardware and software used in information system, including computers and networking equipment. The goal of MIS is to enable manager to make better decisions by providing quality.
The physical equipment used in computing is called hardware. The set of instructions that controls the hardware is known software. In the early days of computers, the people directly involved in MIS tended to programmers, design analysts, and a few external users. Today, almost everyone in the firm is involved with the information system. Procedures are instructions that help people use the systems. They include items such as user manuals, documentation, and procedures to ensure that backups are made regularly. Databases are collections of related data that can be retrieved easily and processed by the computers.
The initial concept of MIS was to process data from the organization and presents it in the form of reports at regular intervals. The system was largely capable of handling the data from collection to processing. It was more impersonal, requiring each individual to pick and choose the processed data and use it for his requirements.
According to Raymond McLeod, Jr. and George P Schell (2004:10-11), Management Information System (MIS) as a computer based system that makes information available to users with similar needs. Information is processed data that is meaningful; it usually tells the user something that she or he did not already know. The MIS users usually compose a formal organizational entity – the firm or a subsidiary subunit. Special version of the MIS has been tailored to the marketing unit (marketing information systems) and the executives (executive information systems) for example. The information describes the firm or one of its major system in terms of what has happened in the past, what is happening now, and what is likely to happen in the future.
Thought there are a number of definitions, all of them converge on one single point, i.e., the MIS is a system to support the decision making function in the organization. The difference lies in defining the elements of the MIS. However, in today’s world MIS a computerized, Business processing system generating information for the people in the organization to meet the information needs decision making to achieve the corporate objective of the organization.The difficulty in handling this multiple requirement of the people is due to a couple of reasons. The information is a processed product to fulfill an imprecise need of the people. It takes time to search the data and may require a difficult processing path. It has a time value and unless processed on time and communicated, it has no value. The scope and the quantum of information is individual-dependent and it is difficult to conceive the information as a well-defined product for the entire organization. Since the people are instrumental in any business transaction, a human error is possible in conducting the same. Since a human error is difficult to control, the difficulty arises in ensuring a hundred per cent quality assurance of information in terms of completeness, accuracy, validity, timeliness and meeting the decision making needs.